dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2024-12-27 04:58:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17 from Zash/zash/checkkey

Browse Source 
Verify that certificate and key belong together
This commit is contained in:
brunoos 2014-04-21 13:07:38 -03:00
commit 77637e9d3c
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/context.c
View File

@ -395,6 +395,17 @@ static int load_key(lua_State *L)
return ret; return ret;
} }
/**
* Check that the certificate public key matches the private key
*/
static int check_key(lua_State *L)
{
SSL_CTX *ctx = lsec_checkcontext(L, 1);
lua_pushboolean(L, SSL_CTX_check_private_key(ctx));
return 1;
}
/** /**
* Set the cipher list. * Set the cipher list.
*/ */
@ -564,6 +575,7 @@ static luaL_Reg funcs[] = {
{"locations", load_locations}, {"locations", load_locations},
{"loadcert", load_cert}, {"loadcert", load_cert},
{"loadkey", load_key}, {"loadkey", load_key},
{"checkkey", check_key},
{"setcipher", set_cipher}, {"setcipher", set_cipher},
{"setdepth", set_depth}, {"setdepth", set_depth},
{"setdhparam", set_dhparam}, {"setdhparam", set_dhparam},

8
src/ssl.lua
View File

@ -58,8 +58,12 @@ function newcontext(cfg)
end end
-- Load the certificate -- Load the certificate
if cfg.certificate then if cfg.certificate then
succ, msg = context.loadcert(ctx, cfg.certificate) succ, msg = context.loadcert(ctx, cfg.certificate)
if not succ then return nil, msg end if not succ then return nil, msg end
if cfg.key and context.checkkey then
succ = context.checkkey(ctx)
if not succ then return nil, "private key does not match public key" end
end
end end
-- Load the CA certificates -- Load the CA certificates
if cfg.cafile or cfg.capath then if cfg.cafile or cfg.capath then